Workflow: How can I configure the Smoke phase to pull policies from an Automate/Compliance server?


#1

When using knife, you have the option to pull your smoke/compliance tests from an automate server like so when leveraging the kitchen-inspec verifier:

suites:
  # Suite whose verifier pulls the InSpec profile from the Automate/Compliance server
  - name: default
    verifier:
      inspec_tests:
        - name: my_profile
          compliance: meta/my-profile

I’m looking to see if the same functionality is available in Chef-Workflow. Based on what I understand of the process, I can use the config.json file of the .delivery cookbook to customize the individual phases of the workflow run. However, when I look at the documentation for the delivery-truck cookbook, the only phases that appear to support customization are: ‘lint’, ‘publish’, and ‘deploy’.

Does anyone know if what I’m trying to do is supported in Chef-Workflow? Has anyone successfully done this?


#2

I’ve dabbled in something similar but with no success. Maybe there’s something clever I overlooked or it will be possible in the next major release.


#3

All phases of workflow are customizable. Your project can have a local build cookbook, which by default just include_recipe’s all of the delivery truck phases, but the phases can be rewritten to do anything you want.

If you would like an example, take a look at: https://github.com/dreamnite/build_apache/

It is a highly customized workflow that builds and deploys Apache from source. You may be able to leverage some of the code I wrote around the functional phase to do what you want.

Thanks,

Jp Robinson


#4

Thanks. But I am looking for functionality similar to what kitchen-verifier is performing, in that I can simply supply input similar to what I’m providing in the kitchen.yaml file to the config.json file, which will then go grab that inspec policy from my automate/compliance server and scan the node with it during the Smoke phase. This would provide a fairly seamless experience between the two testing frameworks, which I think is ideal from a customer perspective.